The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: iOS 7

Mailbox iPhone app vulnerability executes any Javascript from HTML mail body

Mailbox iPhone app vulnerability executes any Javascript from HTML mail body

September 26, 2013Mohit Kumar
Italian Researcher Michele Spagnuolo recently revealed a serious vulnerability in the popular Mailbox iPhone app . Mailbox is a tidy iOS the email app recently purchased by Dropbox , has a pretty wide-open hole that could allow bad actors to hijack your device. The flaw occurs in the latest version of Mailbox (1.6.2) currently available from the App Store, that  executes any Javascript which is present in the body of HTML emails. With exploitation of this vulnerability, users could be subject to account hijacking, spam and phishing attacks by simply opening an HTML email containing embedded javascript. You can see a video demonstration below: The good news is that the problem is probably not as bad as it looks, because iOS is tightly sandboxed, its security features are built with this functionality in mind and normally do not allow any potentially harmful operation to take place without the user's permission. Mailbox's statement on this issue, &quo
iPhone 5s Users Fooled By Apple, NSA and A Fake middle finger

iPhone 5s Users Fooled By Apple, NSA and A Fake middle finger

September 24, 2013Wang Wei
Last week Apple releases the iPhone 5S  with Touch ID , a fingerprint-scanning feature, promoted by the company as " Your fingerprint is one of the best passwords in the world ". Just after the launch of iOS7 , Hackers around the world come up with a series of security issues and privacy concerns. One of the most embarrassing hack released yesterday, when a group of German Hackers fooled the iPhone 's biometric fingerprint security by just using a high resolution photo of someone's fingerprint. Now, We all are aware about many secret surveillance projects of NSA like PRISM , where U.S. government is collecting data from these Internet companies including - Apple. Apple claimed that, iPhone will never upload fingerprints to their server, but can we believe them anymore ? It is already proven that, During Surveillance operations and for Backup purpose, Smartphone applications can upload anything from your device to their online servers without any
Second iOS 7 Lockscreen vulnerability lets intruders to make calls from locked iPhone

Second iOS 7 Lockscreen vulnerability lets intruders to make calls from locked iPhone

September 21, 2013Wang Wei
Just two days back Apple has yet fixed a security flaw in iOS 7 that allows anyone to bypass the lock screen to access users' personal data and the next one has already appeared. The new vulnerability was discovered by Karam Daoud, a 27 year old from the West Bank city of Ramallah in Palestine, that allows anyone to make calls from a locked iPhone , including international calls and calls to premium numbers. In a video, Daoud showed that calls can be made to any number from a locked iPhone running iOS 7 by using a vulnerability in the device's emergency calling function. The person needs to dial a number and then rapidly tap the call button until an empty screen with an Apple logo appears and makes the call to the particular number. The Forbes writer tested the flaw on two iPhone 5 devices on separate networks and it worked both times. This is the second malfunction found in the lock screen since iOS 7 was seeded to all iPhone owners this past Wednesday.
iPhone's iOS 7 Lockscreen hack allows to bypass Security

iPhone's iOS 7 Lockscreen hack allows to bypass Security

September 20, 2013Mohit Kumar
Like most iOS lock screen vulnerabilities, the passcode lock screen on iOS 7 also suffers from a bug that allows anyone with direct access to the iPhone or iPad. Although Apple claims to have fixed 80 security vulnerabilities with iOS 7, including the ability to bypass the lock screen in iOS 6.1.3, the same person who found the previous vulnerability has found yet another in iOS 7. Discovered by ' Jose Rodriquez ', an iPhone user reported a security flaw in iOS that lets anyone bypass the lockscreen passcode and access sensitive information stored in photos, Twitter, email and more. The flaw resides on users who lock their devices with a traditional PIN code or password. The security flaw is demonstrated in the video below and it works as follows: Swipe up from the bottom of the Lock screen to open Control Center and Launch the Clock app. Open the Alarm Clock section of the Clock app and Hold down the power button. Quickly tap Cancel the immediately doubl
Apple’s Developer Center Offline for 32 Hours; Compromised ?

Apple's Developer Center Offline for 32 Hours; Compromised ?

July 21, 2013Mohit Kumar
It's been over a day now since Apple 's online Dev Center went offline, and latest message can be seen in the screenshot, which explains that the current maintenance has took a lot longer than they expected. " We apologize that maintenance is taking longer than expected. If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us. Thank you for your patience. " message said. Since that time, developers have been unable to access the site and cannot visit the forums or download Mac or iOS SDKs, the iOS 7 beta, or the Mavericks beta. It was first seemed like Apple having some backend issues but according to tweets from many developers, they have received a message from Apple that an attempt was made to reset their user ID's password . Such notices pointing that Apple's Developer Center website may have been compromised. But if it is a sec
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.